Privilege escalation in Google Android

CVE-2014-9322

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads…

Vulnerability class: Privilege Escalation

EPSS: 0.054 (90.3rd percentile).

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

References

  • USN-2491-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
  • HPSBGN03285 (x_refsource_HP, vendor-advisory, Mailing List, Third Party Advisory)
  • SUSE-SU-2015:0736 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
  • cve@mitre.org (x_refsource_CONFIRM, Patch, Mailing List, Vendor Advisory)
  • cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
  • RHSA-2015:0009 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
  • HPSBGN03282 (x_refsource_HP, vendor-advisory, Mailing List, Third Party Advisory)
  • cve@mitre.org (Permissions Required, x_refsource_CONFIRM, Third Party Advisory)
  • cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
  • openSUSE-SU-2015:0566 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-9322?
CVE-2014-9322 is a high-severity vulnerability in Google Android, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2014-12-17.

How severe is CVE-2014-9322?
High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2014-9322 known to be exploited?
28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.